Items tagged with security

Google is working hard to make the web a more secure place and with its Chrome browser being the most popular browser on the market by most accounts, that was a good place to start. Google says that security has always been one of the core principles of Chrome and points out that it was found to be the most secure browser in two recent studies when looking at multiple aspects of security. Google promised about a year back that it would start marking all websites that aren't encrypted with HTTPS security as "not secure" in Chrome. Google's Emily Schechter, Chrome Security Manager, wrote, "We wanted... Read more...
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai. Whereas Mirai was able to spread by cracking weak passwords on... Read more...
Google knows that exploits make it through the app development process and could be lurking in some of the most popular apps on the Google Play Store, waiting for a nefarious hacker to take advantage. To help weed out these vulnerabilities, Google has launched the Google Play Security Reward Program. Developers of popular apps are invited to opt-in to the program and if they do, Google will pay out up to $1,000 for bugs found in those apps. Google writes, "Developers of popular Android apps are invited to opt-in to the program, which will incentivize security research in a bug bounty model.... Read more...
Google has announced a new program for those who are most vulnerable to targeted attacks via its services. Google says that the Advanced Protection Program is aimed directly at journalists, business leaders, and political campaign teams. Advanced Protection Program gives these users a physical Security Key promising the strongest possible phishing protection. The program limits access to emails and files from non-Google services and blocks fraudulent account access with extra steps needed to prove you are the one accessing your account. Protection against phishing attacks sees the physical Security... Read more...
Hacking happens all the time, and when it affects a large number of people, companies typically disclose the breach. Not always, of course, sometimes not even in a timely manner. As it pertains to Microsoft, something a little different occurred several years ago. Several former employees say a sophisticated hacking group busted into a secret internal database, which Microsoft never made public. Five ex-employees each told Reuters the same thing in separate interviews. All of them claim the breach happened in 2013, with Microsoft responding in private rather than disclosing the extent of the attack... Read more...
This morning we talked about a researcher from KU Leuven University in Belgium who had discovered a major security vulnerability in the WiFi Protected Access II (WPA2) protocol that is used to secure wireless internet traffic. That vulnerability could be used to allow a nefarious attacker to glean confidential details sent over WiFi such as usernames and passwords for secure websites. At least one software company didn't waste any time with an update, with Microsoft confirming that it released an update on October 10th that addressed the exploit. Microsoft has released a patch that will fix the... Read more...
Cybercriminals have developed a new form of Android ransomware that gives victims added incentive to pay up. In addition to scrambling the user's data with an AES encryption algorithm, the new ransomware replaces an infected device's personal identification number (PIN) with one that is randomly generated, effectively locking the rightful owner out. Once the ransom is paid, the attacker can remotely reset the PIN and unlock the device. ESET, a security firm that offers antivirus solutions for both desktop and mobile devices, discovered the new ransomware and dubbed it DoubleLocker, since it locks... Read more...
A security expert at Belgian university KU Leuven has discovered a major vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that could expose a user's wireless Internet traffic, including usernames and passwords that are entered into secure websites. The vulnerability affects most devices and several operating systems, including Android, iOS, Windows, Linux, and OpenBSD. "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Mathy Vanhoef, a security expert at Belgian university KU Leuven, wrote in a detailed report... Read more...
All statistics are notable in their own right, but once in a while, one comes along that seems downright mind-boggling. Take this one: 500 million people are currently affected by unauthorized cryptocurrency mining. Remember when pop-up ads were the biggest offense? That's child's play. If you run into a website running a mining script, you'll be paying real money by way of a higher power bill. AdGuard, a company specializing in blocking unwanted scripts from websites, has just released a report on its research which includes the 500 million stat above. That's far from being the only interesting... Read more...
After an almost mind-boggling number of security and privacy issues that have deluged into our lives over the past handful of years, you'd think that companies would begin to take their customers' private data seriously. Still, there are some who just don't seem to "get it", and apparently, OnePlus has proven to be one of these late bloomers. Earlier this week, we wrote of security researcher Chris Moore, who discovered data that was being sent to OnePlus' Amazon AWS instances without permission, and without an option to turn it off. While much (or perhaps all) of the data that was transmitted... Read more...
Late last year a hack was perpetrated on what is called a "partner organization" that worked with the Australian Signals Directorate (ASD). The unnamed organization notified the ASD that it was hacked in November of 2016, and that outside parties gained access to its network. The small organization has only 50 employees and is a subcontractor to the Department of Defense, providing aerospace engineering assistance. The data that was stolen in the hack contained information that is protected under the International Traffic in Arms Regulations (ITAR) and included details on the F-35 Lightning II... Read more...
A software engineer has discovered that OnePlus is actively collecting certain data on its users without their knowledge or permission. Chris Moore, owner of a UK-based security and tech blog and a finalist at Cyber Security Challenge UK, published an article detailing the Chinese electronic company's data collection and how there does not appear to be a setting to turn it off. Moore noticed the curious activity while participating in a security event. What he found was that his OnePlus 2 was feeding specific data to open.oneplus.net, which after a DNS lookup was revealed to be an Amazon AWS instance.... Read more...
Do you know what hackers were doing around this time five years ago? They were breaking into a database at Disqus, the popular blog comment hosting service supported by scores of websites, in many cases in place of traditional web forums (remember those?). Disqus only found out about it this past Thursday and began alerting users a day later, rather than waiting like many companies often do. "On October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now," Disqus stated... Read more...
Back in 2013, Yahoo's database was breached by hackers and it wasn't discovered or reported until 2016. When that reporting happened last year, Yahoo thought that details on 1 billion of its user accounts had been stolen. As it turns out, things are much worse than Yahoo (now owned by Verizon and part of Oath) originally thought. Yahoo reports that after its acquisition by Verizon and during the integration of the two companies, new intelligence on the breach was found and that it now believes all 3 billion accounts existing in 2013 were stolen in the hack. Yahoo reminds users that this isn't a... Read more...